rails_simple_auth 1.0.0 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9da9b2ca95ab7bc4d65390921ab753bfc4181efc88c28ed745bebae4268310a6
-  data.tar.gz: 0bf68d88f90560c275c4f680b5c741cb458badc4a328d1fd24ae8ff854834a87
+  metadata.gz: 6d9299c78e7be2bfe4bc6e338150d03ec03d80e6c624616e09c30b48c5bf16c6
+  data.tar.gz: 145ebfad74f0188f138a9e8e006bfac26a6404b89d3690a0a8484246a5b01d9f
 SHA512:
-  metadata.gz: 6099797336414bc988d390ced5d6bb73f8def1c1ac57cee123d86c12945c2784b613b3e476c49ac7334de115a5ae53338da0107282cbd9cc6b0e2a4d01d2710d
-  data.tar.gz: 5f676fbf88a8b574cadaa43c96bc52c9e928c966b1d187f31b826c360d1472b160ed473e11582cfa84e232a242275e2ce2fb06714ba9d0a98501734023f94399
+  metadata.gz: 92302e8e2c6d489ebda9e82b222e0a53f31c52f0b8958bf3af2a4240f654f0de7bd81892e350ee92892df16d747ef88d4b43ae69b6af0e510ee1504925755693
+  data.tar.gz: 07d17cb9ca09fe1f01446cf1faf4cc67fb303d5c0553b6e2c242595054700a88fff187838820aed8639c65b3fd839e3679771acb178700f7966cf17f0f1ce258

data/README.md

@@ -9,6 +9,7 @@ Simple, secure authentication for Rails 8+ applications. Built on Rails primitiv
 - **Email confirmation** with signed tokens
 - **Password reset** with signed tokens
 - **OAuth support** (Google, GitHub, etc.)
+- **Temporary users** (guest mode) with conversion to permanent
 - **Rate limiting** built-in
 - **Session tracking** with IP and user agent
 - **Customizable styling** via CSS variables
@@ -67,7 +68,7 @@ class CreateUsers < ActiveRecord::Migration[8.0]
   def change
     create_table :users do |t|
       # Required by gem
-      t.string :email_address, null: false
+      t.string :email, null: false
       t.string :password_digest, null: false
       t.datetime :confirmed_at  # if using Confirmable
 
@@ -81,7 +82,7 @@ class CreateUsers < ActiveRecord::Migration[8.0]
       t.timestamps
     end
 
-    add_index :users, :email_address, unique: true
+    add_index :users, :email, unique: true
   end
 end
 ```
@@ -156,6 +157,7 @@ RailsSimpleAuth.configure do |config|
 
   # Mailer
   config.mailer_sender = "auth@myapp.com"
+  # config.mailer_class = "UserMailer"  # Use custom mailer (optional)
 
   # Password requirements
   config.password_minimum_length = 12
@@ -202,6 +204,77 @@ class User < ApplicationRecord
 end
 ```
 
+## Temporary Users (Guest Mode)
+
+Allow visitors to try your app without signing up, then convert to permanent accounts later.
+
+### Setup
+
+1. Generate the migration:
+
+```bash
+rails generate rails_simple_auth:temporary_users
+rails db:migrate
+```
+
+2. Include the concern in your User model:
+
+```ruby
+class User < ApplicationRecord
+  include RailsSimpleAuth::Models::Concerns::Authenticatable
+  include RailsSimpleAuth::Models::Concerns::TemporaryUser  # Add this
+end
+```
+
+3. Enable in configuration:
+
+```ruby
+RailsSimpleAuth.configure do |config|
+  config.temporary_users_enabled = true
+  config.temporary_user_cleanup_days = 7  # Auto-cleanup after 7 days
+end
+```
+
+### Creating Temporary Users
+
+```ruby
+# Create a temporary user (no email/password required)
+temp_user = User.create!(
+  email: "temp_#{SecureRandom.hex(8)}@temp.local",
+  password: SecureRandom.hex(16),
+  temporary: true
+)
+```
+
+### Converting to Permanent Account
+
+```ruby
+# When user decides to sign up for real
+temp_user.convert_to_permanent!(
+  email: "real@example.com",
+  password: "secure_password"
+)
+# Sends confirmation email automatically if email confirmation is enabled
+```
+
+### Scopes
+
+```ruby
+User.temporary          # All temporary users
+User.permanent          # All permanent users
+User.temporary_expired  # Temporary users older than cleanup_days
+User.temporary_expired(14)  # Custom days
+```
+
+### Cleanup Task
+
+Add to your scheduler (cron, Sidekiq, etc.):
+
+```ruby
+# Delete expired temporary users
+User.temporary_expired.destroy_all
+```
+
 ## Controller Customization
 
 Subclass controllers for custom behavior:
@@ -222,6 +295,75 @@ Update routes to use your controller:
 rails_simple_auth_routes(sessions_controller: "sessions")
 ```
 
+## Mailer
+
+The gem includes a built-in mailer (`RailsSimpleAuth::AuthMailer`) with email templates that work out of the box. No configuration required.
+
+### Included Email Templates
+
+| Email | Purpose |
+|-------|---------|
+| `confirmation` | Email confirmation when user signs up |
+| `magic_link` | Passwordless sign-in link |
+| `password_reset` | Password recovery link |
+
+### Configuration
+
+```ruby
+RailsSimpleAuth.configure do |config|
+  # Sender address for all auth emails (required)
+  config.mailer_sender = "auth@myapp.com"
+  # Or use environment variable
+  config.mailer_sender = ENV.fetch("MAILER_FROM", "noreply@example.com")
+end
+```
+
+### Custom Mailer (Optional)
+
+For branded emails with your own design, use a custom mailer:
+
+```ruby
+# config/initializers/rails_simple_auth.rb
+RailsSimpleAuth.configure do |config|
+  config.mailer_class = "UserMailer"
+  config.mailer_sender = "hello@myapp.com"
+end
+```
+
+Your custom mailer must implement these methods:
+
+```ruby
+# app/mailers/user_mailer.rb
+class UserMailer < ApplicationMailer
+  def confirmation(user, token)
+    @user = user
+    @confirmation_url = edit_confirmation_url(token: token)
+    mail(to: user.email, subject: "Confirm your email")
+  end
+
+  def magic_link(user, token)
+    @user = user
+    @magic_link_url = magic_link_login_url(token: token)
+    mail(to: user.email, subject: "Your sign-in link")
+  end
+
+  def password_reset(user, token)
+    @user = user
+    @reset_url = edit_password_url(token: token)
+    mail(to: user.email, subject: "Reset your password")
+  end
+end
+```
+
+Create corresponding views in `app/views/user_mailer/`:
+
+```
+app/views/user_mailer/
+├── confirmation.html.erb
+├── magic_link.html.erb
+└── password_reset.html.erb
+```
+
 ## Helpers
 
 Available in controllers and views:

data/app/assets/stylesheets/rails_simple_auth/application.css

@@ -0,0 +1,234 @@
+/*
+ * RailsSimpleAuth default styles
+ * These provide a minimal, clean appearance for auth pages.
+ * Override by providing your own layout in the initializer.
+ */
+
+.rsa-body {
+  margin: 0;
+  padding: 0;
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
+  background-color: #f5f5f5;
+  min-height: 100vh;
+}
+
+.rsa-container {
+  max-width: 1200px;
+  margin: 0 auto;
+  padding: 0 1rem;
+}
+
+.rsa-header {
+  padding: 1.5rem 0;
+  text-align: center;
+}
+
+.rsa-header__title {
+  margin: 0;
+  font-size: 1.5rem;
+  font-weight: 600;
+}
+
+.rsa-header__title a {
+  color: #333;
+  text-decoration: none;
+}
+
+.rsa-header__title a:hover {
+  color: #007bff;
+}
+
+.rsa-main {
+  padding: 2rem 0;
+}
+
+.rsa-flash {
+  padding: 0.75rem 1rem;
+  margin-bottom: 1rem;
+  border-radius: 4px;
+  max-width: 400px;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.rsa-flash--notice,
+.rsa-flash--success {
+  background-color: #d4edda;
+  color: #155724;
+  border: 1px solid #c3e6cb;
+}
+
+.rsa-flash--alert,
+.rsa-flash--error {
+  background-color: #f8d7da;
+  color: #721c24;
+  border: 1px solid #f5c6cb;
+}
+
+.rsa-footer {
+  padding: 2rem 0;
+  text-align: center;
+  color: #666;
+  font-size: 0.875rem;
+}
+
+/* Auth form styles */
+.rsa-auth-form {
+  max-width: 400px;
+  margin: 0 auto;
+  padding: 2rem;
+  background: #fff;
+  border-radius: 8px;
+  box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
+}
+
+.rsa-auth-form__title {
+  margin: 0 0 1.5rem;
+  font-size: 1.5rem;
+  font-weight: 600;
+  text-align: center;
+  color: #333;
+}
+
+.rsa-auth-form__form {
+  display: flex;
+  flex-direction: column;
+  gap: 1rem;
+}
+
+.rsa-auth-form__group {
+  display: flex;
+  flex-direction: column;
+  gap: 0.25rem;
+}
+
+.rsa-auth-form__label {
+  font-size: 0.875rem;
+  font-weight: 500;
+  color: #333;
+}
+
+.rsa-auth-form__input {
+  padding: 0.75rem;
+  border: 1px solid #ddd;
+  border-radius: 4px;
+  font-size: 1rem;
+  transition: border-color 0.2s;
+}
+
+.rsa-auth-form__input:focus {
+  outline: none;
+  border-color: #007bff;
+  box-shadow: 0 0 0 3px rgba(0, 123, 255, 0.1);
+}
+
+.rsa-auth-form__submit {
+  padding: 0.75rem 1.5rem;
+  background-color: #007bff;
+  color: #fff;
+  border: none;
+  border-radius: 4px;
+  font-size: 1rem;
+  font-weight: 500;
+  cursor: pointer;
+  transition: background-color 0.2s;
+}
+
+.rsa-auth-form__submit:hover {
+  background-color: #0056b3;
+}
+
+.rsa-auth-form__submit:disabled {
+  background-color: #6c757d;
+  cursor: not-allowed;
+}
+
+.rsa-auth-form__divider {
+  text-align: center;
+  color: #666;
+  font-size: 0.875rem;
+  margin: 1rem 0;
+}
+
+.rsa-auth-form__magic-link-button {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  gap: 0.5rem;
+  padding: 0.75rem 1.5rem;
+  background-color: #6c757d;
+  color: #fff;
+  border: none;
+  border-radius: 4px;
+  font-size: 1rem;
+  text-decoration: none;
+  transition: background-color 0.2s;
+}
+
+.rsa-auth-form__magic-link-button:hover {
+  background-color: #5a6268;
+  color: #fff;
+}
+
+.rsa-auth-form__oauth {
+  display: flex;
+  flex-direction: column;
+  gap: 0.5rem;
+  margin-top: 1rem;
+}
+
+.rsa-auth-form__oauth-button {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  gap: 0.5rem;
+  padding: 0.75rem 1.5rem;
+  background-color: #fff;
+  color: #333;
+  border: 1px solid #ddd;
+  border-radius: 4px;
+  font-size: 1rem;
+  text-decoration: none;
+  transition: background-color 0.2s, border-color 0.2s;
+}
+
+.rsa-auth-form__oauth-button:hover {
+  background-color: #f8f9fa;
+  border-color: #ccc;
+  color: #333;
+}
+
+.rsa-auth-form__oauth-button img {
+  width: 20px;
+  height: 20px;
+}
+
+.rsa-auth-form__links {
+  display: flex;
+  justify-content: space-between;
+  margin-top: 1.5rem;
+  font-size: 0.875rem;
+}
+
+.rsa-auth-form__link {
+  color: #007bff;
+  text-decoration: none;
+}
+
+.rsa-auth-form__link:hover {
+  text-decoration: underline;
+}
+
+.rsa-auth-form__error {
+  padding: 0.75rem;
+  background-color: #f8d7da;
+  color: #721c24;
+  border: 1px solid #f5c6cb;
+  border-radius: 4px;
+  margin-bottom: 1rem;
+}
+
+.rsa-auth-form__error ul {
+  margin: 0;
+  padding-left: 1.25rem;
+}

data/app/controllers/rails_simple_auth/confirmations_controller.rb

@@ -6,33 +6,35 @@ module RailsSimpleAuth
 
     unless Rails.env.local?
       rate_limit to: 3, within: 1.hour, by: -> { client_ip }, only: :create,
-                 with: -> { redirect_to new_confirmation_path, alert: "Too many confirmation requests. Please try again later." }
+                 with: lambda {
+                   redirect_to new_confirmation_path, alert: 'Too many confirmation requests. Please try again later.'
+                 }
     end
 
-    def new
+    def show
+      user = user_class.find_signed(params[:token], purpose: :confirm_email)
+
+      if user
+        user.confirm! if user.respond_to?(:confirm!)
+        run_after_confirmation_callback(user)
+        redirect_to resolve_path(:after_confirmation_path), notice: 'Email confirmed! You can now sign in.'
+      else
+        redirect_to new_confirmation_path, alert: 'Invalid or expired confirmation link.'
+      end
     end
 
+    def new; end
+
     def create
-      user = user_class.find_by_email(params[:email_address])
+      user = user_class.find_by(email: params[:email])
 
-      if user && user.respond_to?(:unconfirmed?) && user.unconfirmed?
+      if user.respond_to?(:unconfirmed_or_reconfirming?) && user.unconfirmed_or_reconfirming?
         token = user.generate_confirmation_token
         RailsSimpleAuth.configuration.mailer.confirmation(user, token).deliver_later
       end
 
-      redirect_to new_session_path, notice: "If an unconfirmed account exists with that email, confirmation instructions have been sent."
-    end
-
-    def show
-      user = user_class.find_signed(params[:token], purpose: :email_confirmation)
-
-      if user
-        user.confirm! if user.respond_to?(:confirm!)
-        run_after_confirmation_callback(user)
-        redirect_to resolve_path(:after_confirmation_path), notice: "Email confirmed! You can now sign in."
-      else
-        redirect_to new_confirmation_path, alert: "Invalid or expired confirmation link."
-      end
+      redirect_to new_session_path,
+                  notice: 'If an unconfirmed account exists with that email, confirmation instructions have been sent.'
     end
 
     private

data/app/controllers/rails_simple_auth/omniauth_callbacks_controller.rb

@@ -6,27 +6,29 @@ module RailsSimpleAuth
     skip_before_action :verify_authenticity_token, only: :create
 
     def create
-      auth_hash = request.env["omniauth.auth"]
+      auth_hash = request.env['omniauth.auth']
       provider = params[:provider]
 
       unless RailsSimpleAuth.configuration.oauth_provider_enabled?(provider)
-        redirect_to new_session_path, alert: "OAuth provider not enabled."
+        redirect_to new_session_path, alert: 'OAuth provider not enabled.'
         return
       end
 
       user = user_class.from_oauth(auth_hash)
 
       if user&.persisted?
+        destroy_temporary_user_session(user)
         create_session_for(user)
         run_after_sign_in_callback(user)
-        redirect_to resolve_path(:after_sign_in_path), notice: "Signed in successfully with #{provider.to_s.capitalize}."
+        redirect_to resolve_path(:after_sign_in_path),
+                    notice: "Signed in successfully with #{provider.to_s.capitalize}."
       else
         redirect_to new_session_path, alert: "Could not authenticate with #{provider.to_s.capitalize}."
       end
     end
 
     def failure
-      redirect_to new_session_path, alert: "Authentication failed. Please try again."
+      redirect_to new_session_path, alert: 'Authentication failed. Please try again.'
     end
   end
 end

data/app/controllers/rails_simple_auth/passwords_controller.rb

@@ -7,31 +7,32 @@ module RailsSimpleAuth
 
     unless Rails.env.local?
       rate_limit to: 3, within: 1.hour, by: -> { client_ip }, only: :create,
-                 with: -> { redirect_to new_password_path, alert: "Too many password reset requests. Please try again later." }
+                 with: lambda {
+                   redirect_to new_password_path, alert: 'Too many password reset requests. Please try again later.'
+                 }
     end
 
-    def new
-    end
+    def new; end
+
+    def edit; end
 
     def create
-      user = user_class.find_by_email(params[:email_address])
+      user = user_class.find_by(email: params[:email])
 
       if user && can_reset_password?(user)
         token = user.generate_password_reset_token
         RailsSimpleAuth.configuration.mailer.password_reset(user, token).deliver_later
       end
 
-      redirect_to new_session_path, notice: "If an account exists with that email, password reset instructions have been sent."
-    end
-
-    def edit
+      redirect_to new_session_path,
+                  notice: 'If an account exists with that email, password reset instructions have been sent.'
     end
 
     def update
       ActiveRecord::Base.transaction do
         if @user.update(password_params)
           @user.invalidate_all_sessions!
-          redirect_to new_session_path, notice: "Password has been reset. Please sign in with your new password."
+          redirect_to new_session_path, notice: 'Password has been reset. Please sign in with your new password.'
         else
           render :edit, status: :unprocessable_content
           raise ActiveRecord::Rollback
@@ -42,14 +43,14 @@ module RailsSimpleAuth
         "[RailsSimpleAuth] Session invalidation failed after password reset for user #{@user.id}: #{e.message}"
       )
       # Password was rolled back due to transaction, redirect with error
-      redirect_to new_password_path, alert: "Password reset failed. Please try again."
+      redirect_to new_password_path, alert: 'Password reset failed. Please try again.'
     end
 
     private
 
     def set_user_from_token
       @user = user_class.find_signed(params[:token], purpose: :password_reset)
-      redirect_to new_password_path, alert: "Invalid or expired password reset link." unless @user
+      redirect_to new_password_path, alert: 'Invalid or expired password reset link.' unless @user
     end
 
     def can_reset_password?(user)
@@ -60,7 +61,7 @@ module RailsSimpleAuth
     end
 
     def password_params
-      params.require(:user).permit(:password, :password_confirmation)
+      params.expect(user: %i[password password_confirmation])
     end
   end
 end

data/app/controllers/rails_simple_auth/registrations_controller.rb

@@ -6,7 +6,7 @@ module RailsSimpleAuth
 
     unless Rails.env.local?
       rate_limit to: 5, within: 1.hour, by: -> { client_ip }, only: :create,
-                 with: -> { redirect_to sign_up_path, alert: "Too many sign up attempts. Please try again later." }
+                 with: -> { redirect_to sign_up_path, alert: 'Too many sign up attempts. Please try again later.' }
     end
 
     def new
@@ -27,18 +27,20 @@ module RailsSimpleAuth
     private
 
     def registration_params
-      params.require(:user).permit(:email_address, :password)
+      params.expect(user: %i[email password])
     end
 
     def after_successful_registration
+      destroy_temporary_user_session(@user)
+
       if RailsSimpleAuth.configuration.email_confirmation_enabled
         send_confirmation_email(@user)
         run_after_sign_up_callback(@user)
-        redirect_to new_session_path, notice: "Account created! Please check your email to confirm your account."
+        redirect_to new_session_path, notice: 'Account created! Please check your email to confirm your account.'
       else
         create_session_for(@user)
         run_after_sign_up_callback(@user)
-        redirect_to resolve_path(:after_sign_up_path), notice: "Account created successfully!"
+        redirect_to resolve_path(:after_sign_up_path), notice: 'Account created successfully!'
       end
     end